class TestLocalVerifier(unittest.TestCase, VerifierTestCases): def setUp(self): with warnings.catch_warnings(record=True): warnings.simplefilter("default") self.verifier = LocalVerifier() def test_expired_assertion(self): super(TestLocalVerifier, self).test_expired_assertion() # It'll verify OK if we wind back the clock. data = self.verifier.verify(EXPIRED_ASSERTION, now=0) self.assertEquals(data["audience"], "http://myfavoritebeer.org") # And will fail if we give the wrong audience. self.assertRaises(AudienceMismatchError, self.verifier.verify, EXPIRED_ASSERTION, "h", 0) def test_expired_assertion_dev(self): super(TestLocalVerifier, self).test_expired_assertion_dev() # It'll verify OK if we wind back the clock. data = self.verifier.verify(EXPIRED_ASSERTION_DEV, now=0) self.assertEquals(data["audience"], "http://dev.myfavoritebeer.org") # And will fail if we give the wrong audience. self.assertRaises(AudienceMismatchError, self.verifier.verify, EXPIRED_ASSERTION_DEV, "h", 0) def test_error_while_fetching_public_key(self): def fetch_public_key(hostname): raise RuntimeError("TESTING") self.verifier.fetch_public_key = fetch_public_key self.assertRaises(ConnectionError, self.verifier.verify, EXPIRED_ASSERTION, now=0) def test_missing_host_meta_document(self): def urlopen(url, data): raise RuntimeError("404 Not Found") self.verifier.urlopen = urlopen self.assertRaises(ConnectionError, self.verifier.verify, EXPIRED_ASSERTION, now=0) def test_malformed_host_meta_document(self): def urlopen(url, data): class response(object): @staticmethod def read(): return "I AINT NO XML, FOOL!" return response self.verifier.urlopen = urlopen self.assertRaises(ConnectionError, self.verifier.verify, EXPIRED_ASSERTION, now=0) def test_host_meta_with_no_key_link(self): def urlopen(url, data): class response(object): @staticmethod def read(): return "<Meta>"\ " <Link rel='not the key link' href='haha' />"\ "</Meta>" return response self.verifier.urlopen = urlopen self.assertRaises(ConnectionError, self.verifier.verify, EXPIRED_ASSERTION, now=0) def test_host_meta_with_key_link(self): # The browserid.org server doesn't currently have host-meta. # This simulates it with a link to the known public key URL. called = [] orig_urlopen = self.verifier.urlopen def urlopen(url, data): if called: return orig_urlopen("https://browserid.org/pk") called.append(True) class response(object): @staticmethod def read(): rel = self.verifier.HOST_META_REL_PUBKEY return "<Meta>"\ " <Link rel='" + rel + "' href='haha' />"\ "</Meta>" return response self.verifier.urlopen = urlopen self.assertTrue(self.verifier.verify(EXPIRED_ASSERTION, now=0)) def test_handling_of_invalid_content_length_header_from_server(self): def urlopen(url, data): class response(object): @staticmethod def info(): return {"Content-Length": "forty-two"} @staticmethod def read(size): raise RuntimeError # pragma: nocover return response self.verifier.urlopen = urlopen self.assertRaises(ConnectionError, self.verifier.verify, EXPIRED_ASSERTION, now=0) def test_error_handling_in_verify_certificate_chain(self): self.assertRaises(ValueError, self.verifier.verify_certificate_chain, []) certs = decode_json_bytes(EXPIRED_ASSERTION)["certificates"] certs = [JWT.parse(cert) for cert in certs] self.assertRaises(ExpiredSignatureError, self.verifier.verify_certificate_chain, certs) self.assertTrue(self.verifier.verify_certificate_chain(certs, 0))